Received error from KDC: -1765328378/Client not found in Kerberos database

Symptoms

First, see How to analyze the log files to identify single-sign on (SSO) issues .

Single sign-on fails. In awingu-worker-smc.service.log, a similar error can be seen:

2021-11-15 09:49:04.956985 gateway awingu-worker-smc.service[manage.py:138627]: Using specified cache: /etc/awingu/domains/WORKSPACEDOMAIN/90b96cf4-182b-491c-b9ac-805790dc101e/kerberos/kerberos_credentials_cache
Using principal: someuser\@somedomain.org@SOMEDOMAIN.ORG
PA Option X509_user_identity = FILE:/etc/awingu/domains/WORKSPACEDOMAIN/90b96cf4-182b-491c-b9ac-805790dc101e/certificate.pem,/etc/awingu/domains/WORKSPACEDOMAIN/90b96cf4-182b-491c-b9ac-805790dc101e/private_key.pem
[64795] 1636969744.947247: Getting initial credentials for someuser\@somedomain.org@SOMEDOMAIN.ORG
[64795] 1636969744.947249: Sending unauthenticated request
[64795] 1636969744.947250: Sending request (199 bytes) to SOMEDOMAIN.ORG
[64795] 1636969744.947251: Resolving hostname somedc.somedomain.org
[64795] 1636969744.947252: Sending initial UDP request to dgram 10.1.2.3:88
[64795] 1636969744.947253: Received answer (98 bytes) from dgram 10.1.2.3:88
[64795] 1636969744.947254: Sending DNS URI query for _kerberos.SOMEDOMAIN.ORG.
[64795] 1636969744.947255: No URI records found
[64795] 1636969744.947256: Sending DNS SRV query for _kerberos-master._udp.SOMEDOMAIN.ORG.
[64795] 1636969744.947257: Sending DNS SRV query for _kerberos-master._tcp.SOMEDOMAIN.ORG.
[64795] 1636969744.947258: No SRV records found
[64795] 1636969744.947259: Response was not from master KDC
[64795] 1636969744.947260: Received error from KDC: -1765328378/Client not found in Kerberos database
[64795] 1636969744.947261: Retrying AS request with master KDC
[64795] 1636969744.947262: Getting initial credentials for someuser\@somedomain.org@SOMEDOMAIN.ORG
[64795] 1636969744.947264: Sending unauthenticated request
[64795] 1636969744.947265: Sending request (199 bytes) to SOMEDOMAIN.ORG (master)
[64795] 1636969744.947266: Sending DNS URI query for _kerberos.SOMEDOMAIN.ORG.
[64795] 1636969744.947267: No URI records found
[64795] 1636969744.947268: Sending DNS SRV query for _kerberos-master._udp.SOMEDOMAIN.ORG.
[64795] 1636969744.947269: Sending DNS SRV query for _kerberos-master._tcp.SOMEDOMAIN.ORG.
[64795] 1636969744.947270: No SRV records found
kinit: Client 'someuser\@somedomain.org@SOMEDOMAIN.ORG' not found in Kerberos database while getting initial credentials

Cause

The client is not found in the Kerberos database.

Resolution

Multiple causes lead to this error.

• Missing (or invalid) trusted root certificates on the Parallels Secure Workspace appliance.
  Try including the certificates of any intermediate and the root Certification Authority (CA) of the Workspace SubCA.

• Verify if the end user's logon name (especially domain suffix) matches the client/user specified in the error message

• Verify if there is only one user with this user principal name (UPN). It is possible in Microsoft Windows environments that there are multiple users with the same UPN.